Allowing Uploads – Is it safe?

  • Resolved ratc01

    (@ratc01)


    7 years, 6 months ago

    We’ve had NinjaFirewall (ver. 3.5.3) running for sometime but recently it started blocking all non-Admins from uploading into the Media bin. After trying a few things I briefly deactivated NinjaFirewall and the problem went away. So, after re-activating it I whitelisted all logged in users (we only have a few) AND set the File Uploads option to ‘Allow uploads’. (Either one by itself didn’t help).

    My question is: How dangerous is that? Anyone that has an account on our site is allowed to upload files, but I’m not sure if the “Allow uploads” option will also somehow let unauthorized users to upload unwanted items.

Viewing 1 replies (of 1 total)
  • Plugin Author nintechnet

    (@nintechnet)

    So, after re-activating it I whitelisted all logged in users (we only have a few) AND set the File Uploads option to ‘Allow uploads’. (Either one by itself didn’t help).

    Either one should work. If you trust your users, I recommend to whitelist them. But right after you do that, make sure they log out and then log in again (the whitelist will be enabled when they log in). If that still does not work, try to debug the issue by following this article: https://blog.nintechnet.com/ninjafirewall-php-sessions-debugging/

    Regarding allowing uploads, it does make a site a bit less secure because if you had a vulnerable plugin that allowed uploads, such as this one, it would not be blocked by the firewall.
    Of course, that does not mean that unauthenticated users will be able to upload a file using WordPress. As long as there is no vulnerability, you are fine.

    • This reply was modified 7 years, 6 months ago by nintechnet.
Viewing 1 replies (of 1 total)
  • The topic ‘Allowing Uploads – Is it safe?’ is closed to new replies.